ForeThought - DeMystifying SAP Security
I attended SAP Tech-Ed in Bangalore... I am now officially SAP NetWeaver Security Certified. Let me share my understanding of SAP Security.
In my opinion, the classical SAP security model with Users and Roles is a simple yet well-thought-out mechanism for giving access to data and functionality inside SAP.
The areas that need clearer understanding and implementation know-how are the security models for Portals and Business Intelligence.
One of the areas left ambiguous is security in the presentation, session and transport layers. Evidently SAP is moving from SNC to HTTPS for server-to-server communications.
With the new emphasis on Web Dynpro (Portals) and Exchange Infrastructure (XI), the DIAG and RFC protocols are giving way to HTTP. This transformation is not very evident, as most SAP implementations are centered around SAP GUI. The core Single Sign-On Central User Admin (CUA) is still based on the old model.
A promise from SAP to deliver the functionality using the standard MS Office platform is still fairly limited from a security perspective.
If you are a typical IT guy... don't be surprised to see your fellow SAP Basis person speak your language of LDAP authentication, Kerberos, SAML and SSL acceleration.
In fact, it was heartwarming to see the emphasis on a standards-based security implementation approach for designing Internet-facing SAP solutions. This includes emphasis on application gateways, load balancers, intrusion detection, identity management and change management.
Future of SAP activities
================
User Provisioning - Manual (within SAP), Automated (SPML based) or Managed through LDAP
Role Assignment - Manual (within SAP - PFCG), Automated (SPML based) or Managed through LDAP
Role Creation - Manual inside SAP - PFCG
Transport Security - Standards based / handled in appliances (e.g. application gateways, load balancers, etc.)
Operating System/Database Security - Not in scope
At the pace at which SAP is delivering new products and functionality, this new approach allows them to keep a close tab on security.
Comments
It's impressive to know something about your note on SAP HANA Course. Please do share articles like this for our awareness. Mostly we do also provide Online Training on SAP HANA Course. For more info Contact-Us at@ Tectist.com.